import os
from flask import Flask, render_template_string, request
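# Flask application object; the route decorators in this module register on it.
app = Flask(__name__)

# Read this module's own source once, at import time, so the "/" route can
# display it. Anything written in this file is therefore served to every
# visitor, so it must not contain secrets.
# The context manager closes the file handle deterministically instead of
# leaving it open until garbage collection.
with open(__file__) as source_file:
    CODE = source_file.read()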
@app.route("/")
def index():
    """Serve this application's own source code inside the site layout.

    The template text is a constant and ``CODE`` is handed over as a context
    variable, so Jinja2 treats it as data to display, not as template
    source. This is the safe counterpart to the string substitution used by
    the ``/vulnerable`` route.

    Returns:
        The rendered page showing the contents of ``CODE``.
    """
    page_source = '''{% extends "layout.html" %}
{% block body %}
<code>
<pre>
{{ code }}
</pre>
</code>
{% endblock %}
'''
    context = {"code": CODE}
    return render_template_string(page_source, **context)
@app.route("/vulnerable")
def vulnerable():
    """Greet the caller using the ``username`` query parameter.

    SECURITY: this route is unsafe as written. The request value is
    substituted into the template *source* before Jinja2 compiles it, so
    caller-supplied text is parsed as template syntax (server-side template
    injection) instead of being treated as data. The dot/underscore check
    below only narrows the accepted input. It does not stop the value from
    being parsed as template code and should not be relied on as a defence.

    The safe pattern keeps the template text constant and passes the value
    as a context variable, e.g. ``render_template_string(tpl, username=name)``
    with ``{{ username }}`` in the template, which Flask also autoescapes.

    Returns:
        The rendered greeting page, or a plain error string when the name
        contains ``.`` or ``_``.
    """
    name = request.args.get("username", "")
    # Caller-controlled text is written to stdout unmodified.
    print(name)

    forbidden = "._"
    if any(ch in name for ch in forbidden):
        return "Username must not contain dot or underscore!"

    page_source = '''{% extends "layout.html" %}
{% block body %}
<h1> Welcome service! </h1>
<h2>
Hello: {}, have a good PWN!
</h2>
{% endblock %}
'''
    # Plain string replacement: the name becomes part of the template source
    # that render_template_string() then compiles and evaluates.
    return render_template_string(page_source.replace("{}", name))
if __name__ == "__main__":
    # SECURITY: "0.0.0.0" binds every network interface, and debug=True
    # enables the Werkzeug interactive debugger and reloader. Together they
    # put a development-only feature on the network. Outside an isolated lab,
    # bind to 127.0.0.1 and run with debug disabled behind a production WSGI
    # server.
    app.run(host="0.0.0.0", debug=True)